cloudflash-snort

cloudflash snort module implements snort configuration on unix systems

npm install cloudflash-snort

cloudflash-snort

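List of snort APIs

Note: this page does not describe any authentication or authorization for these endpoints. Because they create and delete the IDS configuration, expose them only to trusted management clients.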

Verb     URI              Description
GET      /snort/config    List summary of snort configuration
POST     /snort/config    Create snort configuration
DELETE   /snort/:id       Delete snort configuration by ID

List snort configuration

Verb   URI                   Description
GET    /snort/config   List a summary of the snort configurations.

Note: The request does not require a message body.

Success: Returns JSON data with the list of snort configurations.

Response

[
   {
       "id": "545e9e78-4cf2-4787-be89-f553c0d96a57",
       "config":
       {
           "var_section":
           {
               "HOME_NET": "any",
               "EXTERNAL_NET": "any",
               "DNS_SERVERS": "$HOME_NET",
               "SMTP_SERVERS": "$HOME_NET",
               "HTTP_SERVERS": "$HOME_NET",
               "SQL_SERVERS": "$HOME_NET",
               "TELNET_SERVERS": "$HOME_NET",
               "SNMP_SERVERS": "$HOME_NET",
               "HTTP_PORTS": 80,
               "SHELLCODE_PORTS": "!80",
               "ORACLE_PORTS": 1521,
               "AIM_SERVERS": "[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]"
           },
           "preprocessor":
           [
               {
                   "preprocessor stream5_global": "max_tcp 8192, track_tcp yes, track_udp yes, track_icmp no",
                   "preprocessor stream5_tcp": "policy first, use_static_footprint_sizes",
                   "preprocessor stream5_udp": "ignore_any_rules"
               },
               {
                   "preprocessor http_inspect": "global \\ iis_unicode_map unicode.map 1252"
               },
               {
                   "preprocessor http_inspect_server": "server default \\ profile all ports { 80 8080 8180 } oversize_dir_length 500"
               },
               {
                   "preprocessor rpc_decode": "111 32771",
                   "preprocessor": "bo"
               },
               {
                   "preprocessor sfportscan": "proto { all } \\ memcap { 10000000 } \\ sense_level { low }"
               },
               {
                   "output unified": "filename events.log,limit 1"
               },
               {
                   "config flowbits_size": 256,
                   "config detection": "search-method lowmem"
               }
           ],
           "include":
           [
               "classification.config",
               "reference.config",
               "generated.rules"
           ]
       }
   }
]

Configure snort

Verb    URI                            Description
POST    /snort/config                Create snort configuration.

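Example Request and Response

The values below are samples. "HOME_NET": "any" makes snort treat every address as part of the protected network; in a real deployment set HOME_NET to the address ranges you are actually defending.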

Request JSON

{
"var_section": {
    "HOME_NET": "any",
    "EXTERNAL_NET": "any",
    "DNS_SERVERS": "$HOME_NET",
    "SMTP_SERVERS": "$HOME_NET",
    "HTTP_SERVERS": "$HOME_NET",
    "SQL_SERVERS": "$HOME_NET",
    "TELNET_SERVERS": "$HOME_NET",
    "SNMP_SERVERS": "$HOME_NET",
    "HTTP_PORTS": 80,
    "SHELLCODE_PORTS": "!80",
    "ORACLE_PORTS": 1521,
    "AIM_SERVERS": "[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]" 
},
"preprocessor": [
    {
        "preprocessor stream5_global": "max_tcp 8192, track_tcp yes, track_udp yes, track_icmp no",
        "preprocessor stream5_tcp": "policy first, use_static_footprint_sizes",
        "preprocessor stream5_udp": "ignore_any_rules" 
    },
    {
        "preprocessor http_inspect": "global \\ iis_unicode_map unicode.map 1252" 
    },
    {
        "preprocessor http_inspect_server": "server default \\ profile all ports { 80 8080 8180 } oversize_dir_length 500" 
    },
    {
        "preprocessor rpc_decode": "111 32771",
        "preprocessor": "bo" 
    },
    {
        "preprocessor sfportscan": "proto  { all } \\ memcap { 10000000 } \\ sense_level { low }" 
    },
    {
        "output unified": "filename events.log,limit 1" 
    },
    {
        "config flowbits_size": 256,
        "config detection": "search-method lowmem" 
    }
],
"include": [
    "classification.config",
    "reference.config",
    "generated.rules" 
]
}

Response JSON

{
   "id": "545e9e78-4cf2-4787-be89-f553c0d96a57",
   "config":
   {
       "var_section":
       {
           "HOME_NET": "any",
           "EXTERNAL_NET": "any",
           "DNS_SERVERS": "$HOME_NET",
           "SMTP_SERVERS": "$HOME_NET",
           "HTTP_SERVERS": "$HOME_NET",
           "SQL_SERVERS": "$HOME_NET",
           "TELNET_SERVERS": "$HOME_NET",
           "SNMP_SERVERS": "$HOME_NET",
           "HTTP_PORTS": 80,
           "SHELLCODE_PORTS": "!80",
           "ORACLE_PORTS": 1521,
           "AIM_SERVERS": "[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]"
       },
       "preprocessor":
       [
           {
               "preprocessor stream5_global": "max_tcp 8192, track_tcp yes, track_udp yes, track_icmp no",
               "preprocessor stream5_tcp": "policy first, use_static_footprint_sizes",
               "preprocessor stream5_udp": "ignore_any_rules"
           },
           {
               "preprocessor http_inspect": "global \\ iis_unicode_map unicode.map 1252"
           },
           {
               "preprocessor http_inspect_server": "server default \\ profile all ports { 80 8080 8180 } oversize_dir_length 500"
           },
           {
               "preprocessor rpc_decode": "111 32771",
               "preprocessor": "bo"
           },
           {
               "preprocessor sfportscan": "proto { all } \\ memcap { 10000000 } \\ sense_level { low }"
           },
           {
               "output unified": "filename events.log,limit 1"
           },
           {
               "config flowbits_size": 256,
               "config detection": "search-method lowmem"
           }
       ],
       "include":
       [
           "classification.config",
           "reference.config",
           "generated.rules"
       ]
   }
}

Delete snort config

Verb    URI                          Description
DELETE   /snort/:id                Delete a snort config.

Example Request and Response

Request Headers

DELETE /snort/7d927232-5a12-4d6e-a25f-0d823b6a2819

Response Header

Status Code : 204
